/** * @brief reads a given attribute for an LDAP record identified by a DN * @param $dn the record in question * @param $attr the attribute that shall be retrieved * @returns the values in an array on success, false otherwise * * Reads an attribute from an LDAP entry */ public function readAttribute($dn, $attr) { if (!$this->checkConnection()) { \OCP\Util::writeLog('user_ldap', 'No LDAP Connector assigned, access impossible for readAttribute.', \OCP\Util::WARN); return false; } $cr = $this->connection->getConnectionResource(); if (!is_resource($cr)) { //LDAP not available \OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG); return false; } $rr = @ldap_read($cr, $dn, 'objectClass=*', array($attr)); if (!is_resource($rr)) { \OCP\Util::writeLog('user_ldap', 'readAttribute ' . $attr . ' failed for DN ' . $dn, \OCP\Util::DEBUG); //in case an error occurs , e.g. object does not exist return false; } $er = ldap_first_entry($cr, $rr); //LDAP attributes are not case sensitive $result = \OCP\Util::mb_array_change_key_case(ldap_get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8'); $attr = mb_strtolower($attr, 'UTF-8'); if (isset($result[$attr]) && $result[$attr]['count'] > 0) { $values = array(); for ($i = 0; $i < $result[$attr]['count']; $i++) { $values[] = $this->resemblesDN($attr) ? $this->sanitizeDN($result[$attr][$i]) : $result[$attr][$i]; } return $values; } \OCP\Util::writeLog('user_ldap', 'Requested attribute ' . $attr . ' not found for ' . $dn, \OCP\Util::DEBUG); return false; }
/** * Authenticates a user to LDAP * * @return true if the username and/or password provided are valid * false if the username and/or password provided are invalid * */ function ldap($username, $password) { $ldaphost = Config::get('ldap.url'); $ldaprdn = Config::get('ldap.username'); $ldappass = Config::get('ldap.password'); $baseDn = Config::get('ldap.basedn'); $filterQuery = Config::get('ldap.authentication.filter.query') . $username; // Connecting to LDAP $connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}"); // Needed for AD ldap_set_option($connection, LDAP_OPT_REFERRALS, 0); try { if ($connection) { // binding to ldap server $ldapbind = ldap_bind($connection, $ldaprdn, $ldappass); if (($results = @ldap_search($connection, $baseDn, $filterQuery)) !== false) { $entry = ldap_first_entry($connection, $results); if (($userDn = @ldap_get_dn($connection, $entry)) !== false) { if (($isBound = ldap_bind($connection, $userDn, $password)) == "true") { return true; } } } } } catch (Exception $e) { LOG::error($e->getMessage()); } ldap_close($connection); return false; }
public function rewind() { $this->current = ldap_first_entry($this->connection, $this->search); if (false === $this->current) { throw new LdapException(sprintf('Could not rewind entries array: %s', ldap_error($this->connection))); } }
/** * Authenticates a user to LDAP * * @param $username * @param $password * @param bool|false $returnUser * @return bool true if the username and/or password provided are valid * false if the username and/or password provided are invalid * array of ldap_attributes if $returnUser is true */ function ldap($username, $password, $returnUser = false) { $ldaphost = Setting::getSettings()->ldap_server; $ldaprdn = Setting::getSettings()->ldap_uname; $ldappass = Crypt::decrypt(Setting::getSettings()->ldap_pword); $baseDn = Setting::getSettings()->ldap_basedn; $filterQuery = Setting::getSettings()->ldap_auth_filter_query . $username; $ldapversion = Setting::getSettings()->ldap_version; // Connecting to LDAP $connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}"); // Needed for AD ldap_set_option($connection, LDAP_OPT_REFERRALS, 0); ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldapversion); try { if ($connection) { // binding to ldap server $ldapbind = ldap_bind($connection, $ldaprdn, $ldappass); if (($results = @ldap_search($connection, $baseDn, $filterQuery)) != false) { $entry = ldap_first_entry($connection, $results); if (($userDn = @ldap_get_dn($connection, $entry)) !== false) { if (($isBound = ldap_bind($connection, $userDn, $password)) == "true") { return $returnUser ? array_change_key_case(ldap_get_attributes($connection, $entry), CASE_LOWER) : true; } } } } } catch (Exception $e) { LOG::error($e->getMessage()); } ldap_close($connection); return false; }
/** * Binds/authenticates the user to LDAP, and returns their attributes. * * @author [A. Gianotto] [<*****@*****.**>] * @since [v3.0] * @param $username * @param $password * @param bool|false $user * @return bool true if the username and/or password provided are valid * false if the username and/or password provided are invalid * array of ldap_attributes if $user is true * */ static function findAndBindUserLdap($username, $password) { $settings = Setting::getSettings(); $connection = Ldap::connectToLdap(); $ldap_username_field = $settings->ldap_username_field; $baseDn = $settings->ldap_basedn; if ($settings->is_ad == '1') { // In case they haven't added an AD domain if ($settings->ad_domain == '') { $userDn = $username . '@' . $settings->email_domain; } else { $userDn = $username . '@' . $settings->ad_domain; } } else { $userDn = $ldap_username_field . '=' . $username . ',' . $settings->ldap_basedn; } $filterQuery = $settings->ldap_auth_filter_query . $username; if (!($ldapbind = @ldap_bind($connection, $userDn, $password))) { return false; } if (!($results = ldap_search($connection, $baseDn, $filterQuery))) { throw new Exception('Could not search LDAP: '); } if (!($entry = ldap_first_entry($connection, $results))) { return false; } if (!($user = array_change_key_case(ldap_get_attributes($connection, $entry), CASE_LOWER))) { return false; } return $user; }
public function __construct($user) { $this->_id = $user; /* Connect to the IU's ADS server */ $ds = ldap_connect(LDAP_HOST, LDAP_PORT) or die("Could not connect to ads.iu.edu:636 server"); ldap_bind($ds, LDAP_USER . "," . LDAP_BASEDN, LDAP_PWD) or die("LDAP bind to ADS failed."); /* Search for a particular user information (Only required info) */ $reqatr = array("mail", "displayName", "givenName", "title"); $result = ldap_search($ds, LDAP_BASEDN, "(sAMAccountName={$this->_id})", $reqatr) or die("Search: No ADS entry has been found for the current user."); /* Each node in a directory tree has an entry. */ $entry = ldap_first_entry($ds, $result); while ($entry) { /* Each entry is a set of attribute value pairs */ /* Extracting only required values */ /* Also assuming there is only single value */ $this->_email = ldap_get_values($ds, $entry, "mail"); $this->_email = $this->_email[0]; /* Php 5.3 */ $this->_name = ldap_get_values($ds, $entry, "displayName"); if (is_null($this->_name)) { $this->_name = ldap_get_values($ds, $entry, "givenName"); } $this->_name = $this->_name[0]; /* Php 5.3 */ $this->_instructor = ldap_get_values($ds, $entry, "title"); $this->_instructor = $this->_instructor[0]; /* Not expecting multiple entries */ /* $entry = ldap_next_entry($ds, $result); */ $entry = null; } }
function verify($cert, $dn) { $conn = ldap_connect($this->LDAP_HOST); if (!$conn) { return false; } if (!ldap_bind($conn)) { return false; } $resultset = ldap_search($conn, "c=EE", "(serialNumber=38212200301)"); if (!$resultset) { echo "No recs"; return false; } $rec = ldap_first_entry($conn, $resultset); while ($rec !== false) { $values = ldap_get_values($conn, $rec, 'usercertificate;binary'); $certificate = "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($values[0]), 64, "\n") . "-----END CERTIFICATE-----\n"; if (strcmp($cert, $certificate) == 0) { return "Found"; } $rec = ldap_next_entry($conn, $rec); } // Not found a record with a matching certificate return false; }
public function add_login($ad, $grupo, $user, $bdn, $ous) { try { $ous = "CN=" . $grupo . "," . $ous; if (self::login($ad, "*****@*****.**", "Ac9a7533#Ed")) { ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ad, LDAP_OPT_REFERRALS, 0); $results = ldap_search($ad, $bdn, "(sAMAccountName={$user})", array("sn", "cn"), 0, 1); $entry = ldap_get_entries($ad, $results); $first = ldap_first_entry($ad, $results); $dn = ldap_get_dn($ad, $first); $data = $entry[0]['cn'][0]; //$dn = str_replace($data, $user, $dn); //echo $dn; $user_array['member'] = $dn; //echo $ous; if (ldap_mod_add($ad, $ous, $user_array)) { return 1; } else { return 0; } //end if*/ } else { return 0; } //end if } catch (Exception $e) { return 0; } //end try }
function get_user_old_ldap($email) { $attributes = ["uid" => "uid", "mail" => "mail", "givenName" => "firstname", "sn" => "lastname", "displayName" => "nick", "gender" => "gender", "birthdate" => "dob", "o" => "organization", "c" => "country", "l" => "location"]; $this->load_library("ldap_lib", "ldap"); $ds = $this->ldap->get_link(); $dn = "dc=felicity,dc=iiit,dc=ac,dc=in"; $filter = '(&(mail=' . $email . '))'; $sr = ldap_search($ds, $dn, $filter, array_keys($attributes)); $entry = ldap_first_entry($ds, $sr); if (!$entry) { return false; } $entry_data = ldap_get_attributes($ds, $entry); $user_data = []; foreach ($attributes as $key => $value) { if (isset($entry_data[$key]) && isset($entry_data[$key][0])) { $user_data[$value] = $entry_data[$key][0]; } } if (isset($user_data["dob"])) { $date = date_create_from_format('d/m/Y', $user_data["dob"]); if ($date) { $user_data["dob"] = date_format($date, "Y-m-d"); } } if (isset($user_data["firstname"]) && isset($user_data["lastname"])) { $user_data["name"] = implode(" ", [$user_data["firstname"], $user_data["lastname"]]); unset($user_data["firstname"]); unset($user_data["lastname"]); } if (isset($user_data["gender"])) { $user_data["gender"] = strtolower($user_data["gender"]); } return $user_data; }
function getUserDn($username) { if ($this->send_utf8_credentials) { $username = studip_utf8encode($username); $reader_password = studip_utf8encode($this->reader_password); } $user_dn = ""; if (!($r = @ldap_bind($this->conn, $this->reader_dn, $this->reader_password))) { $this->error_msg = sprintf(_("Anmeldung von %s fehlgeschlagen."), $this->reader_dn) . $this->getLdapError(); return false; } if (!($result = @ldap_search($this->conn, $this->base_dn, $this->getLdapFilter($username), array('dn')))) { $this->error_msg = _("Durchsuchen des LDAP Baumes fehlgeschlagen.") . $this->getLdapError(); return false; } if (!ldap_count_entries($this->conn, $result)) { $this->error_msg = sprintf(_("%s wurde nicht unterhalb von %s gefunden."), $username, $this->base_dn); return false; } if (!($entry = @ldap_first_entry($this->conn, $result))) { $this->error_msg = $this->getLdapError(); return false; } if (!($user_dn = @ldap_get_dn($this->conn, $entry))) { $this->error_msg = $this->getLdapError(); return false; } return $user_dn; }
/** * @return mixed resource */ public function fetchEntry() { if (!$this->result_resource) { return null; } if (null === $this->entry_resource) { $this->entry_resource = ldap_first_entry($this->resource, $this->result_resource); } else { $this->entry_resource = ldap_next_entry($this->resource, $this->entry_resource); } if (!$this->entry_resource) { return null; } $dn = ldap_get_dn($this->resource, $this->entry_resource); $rawAttributes = ldap_get_attributes($this->resource, $this->entry_resource); $count = $rawAttributes['count']; $attributes = array(); for ($i = 0; $i < $count; $i++) { $attribute = $rawAttributes[$i]; $values = array(); $subCount = $rawAttributes[$attribute]['count']; for ($j = 0; $j < $subCount; $j++) { $values[] = $rawAttributes[$attribute][$j]; } $attributes[$attribute] = $values; } $object = new Object($dn, $attributes); return $object; }
function checkldapuser($username, $password) { require 'config.php'; $username = strtolower($username); $connect = ldap_connect($ldapServer); if ($connect != false) { ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); // enlace a la conexión $bind = ldap_bind($connect, $usrLDAP, $pwdLDAP); if ($bind == false) { $mensajeError = "Falla la conexión con el servidor LDAP con el usuario \n{$usrLDAP}"; return $mensajeError; } // active directory - pch $bind = @ldap_bind($connect, "{$campoBusqLDAP}=" . $username . ",{$cadenaBusqLDAP}", $password); if ($bind == false) { $mensajeError = "Usuario o contraseña incorrecta"; return $mensajeError; } // busca el usuario - pch if (($res_id = ldap_search($connect, $cadenaBusqLDAP, "{$campoBusqLDAP}=" . $username)) == false) { $mensajeError = "No encontrado el usuario en el LDAP"; return $mensajeError; } $cant = ldap_count_entries($connect, $res_id); if ($cant == 0) { $mensajeError = "El usuario {$username} NO se encuentra en el A.D. {$bind} HLPHLP"; return $mensajeError; } if ($cant > 1) { $mensajeError = "El usuario {$username} se encuentra {$cant} veces en el A.D."; return $mensajeError; } $entry_id = ldap_first_entry($connect, $res_id); if ($entry_id == false) { $mensajeError = "No se obtuvieron resultados"; return $mensajeError; } if (($user_dn = ldap_get_dn($connect, $entry_id)) == false) { $mensajeError = "No se puede obtener el dn del usuario"; return $mensajeError; } error_reporting(0); /* Autentica el usuario */ if (($link_id = ldap_bind($connect, "{$user_dn}", $password)) == false) { error_reporting(0); $mensajeError = "USUARIO O CONTRASEÑA INCORRECTOS"; return $mensajeError; } return ''; @ldap_close($connect); } else { $mensajeError = "no hay conexión a '{$ldap_server}'"; return $mensajeError; } @ldap_close($connect); return false; }
/** * Returns the first entry in the result set. * * @throws \gossi\ldap\LdapException If the read fails. * @return \gossi\ldap\LdapEntry The new LdapEntry. */ public function getFirstEntry() { $this->pointer = ldap_first_entry($this->conn, $this->result); if (ldap_errno($this->conn)) { throw new LdapException(ldap_error($this->conn), ldap_errno($this->conn)); } return new LdapEntry($this->conn, $this->pointer); }
public static function readUser($ldapconn, $dn) { $search = ldap_read($ldapconn, $dn, USER::FILTER_USERS, array("cn", "mail", "displayName", "sn", "givenName", "memberOf")); if (ldap_count_entries($ldapconn, $search) > 0) { $entry = ldap_first_entry($ldapconn, $search); return User::readFromLdapEntry($ldapconn, $entry); } }
public function fetch_row() { if ($this->get_opt('fetch_pos')) { return ldap_next_entry($this->handle, $this->resource); } else { return ldap_first_entry($this->handle, $this->resource); } }
function login($user, $pass, $host, $port, &$err) { if ($this->ldapConn) { $err = "You are already logged in. Please logout first."; return false; } else { if (!$host || !$user || !$pass) { $err = "Must specify a host, user, and pass."; return false; } else { if (!$port) { $port = self::DEFAULT_LDAP_PORT; } } } $conn = ldap_connect($host, $port); if (!$conn) { $err = "Unable to connect to LDAP host [{$host}] on port [{$port}]."; return false; } $ldapBind = ldap_bind($conn, $user, $pass); if (!$ldapBind) { $err = "Wrong Username and/or Password."; ldap_unbind($conn); return false; } // Confirm that the provided username is truly a username. $attrs = array('uid', 'gidnumber'); // BASE_DN must be empty, because o=senate will miss those persons // who have the OU attribute in their DN. $sr = ldap_list($conn, self::DEFAULT_BASE_DN, "uid={$user}", $attrs); if (!$sr) { $err = "Unable to validate username."; ldap_unbind($conn); return false; } $ent_count = ldap_count_entries($conn, $sr); if ($ent_count !== 1) { $err = "Login [{$user}] is not a valid username."; ldap_unbind($conn); return false; } $ent = ldap_first_entry($conn, $sr); $uids = ldap_get_values($conn, $ent, "uid"); if ($uids['count'] > 1 || $uids[0] != $user) { $err = "Provided username does not match looked-up username."; ldap_unbind($conn); return false; } $gids = ldap_get_values($conn, $ent, "gidnumber"); unset($gids['count']); $groupNames = $this->convertGroupIdsToNames($conn, $gids); $this->ldapConn = $conn; $this->ldapUser = $user; $this->groupNames = $groupNames; $err = null; return true; }
function login($uid, $pwd, $ip = 0) { // connect to ldap-server // echo ("Host: ".$this->host." Port: ".$this->port." BaseDN: ".$this->basedn." UID: $uid, PWD: $pwd \n<br>\n"); if ($connect = @ldap_connect($this->host)) { // if connected to ldap server, check for protocol version if (!@ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3)) { // echo "version 2<br>\n"; $this->ldapver = 2; } // echo "verification on '$this->host': "; // bind to ldap connection if (($bind = @ldap_bind($connect)) == false) { // print "bind:__FAILED__<br>\n"; return false; } // check whether we have an email address or an actual user id if (strpos($uid, '@') > 0) { $filter = "mail=" . $uid; } else { $filter = "uid=" . $uid; } // search for user if (($res_id = @ldap_search($connect, $this->basedn, $filter)) == false) { // print "failure: search in LDAP-tree failed<br>"; return false; } if (@ldap_count_entries($connect, $res_id) != 1) { // print "failure: error looking up user $username<br>\n"; return false; } if (($entry_id = @ldap_first_entry($connect, $res_id)) == false) { // print "failure: entry of searchresult couln't be fetched<br>\n"; return false; } if (($user_dn = @ldap_get_dn($connect, $entry_id)) == false) { // print "failure: user-dn coulnd't be fetched<br>\n"; return false; } // authenticate user if (($link_id = @ldap_bind($connect, $user_dn, $pwd)) == false) { // print "failure: username, password didn't match: $user_dn<br>\n"; return false; } // login went fine, user login is ok @ldap_close($connect); $this->uid = $uid; return true; } else { // no conection to ldap server echo "no connection to '{$ldap_server}'<br>\n"; } // echo "failed: ".ldap_error($connect)."<BR>\n"; // something went wrong, cleanup and return false @ldap_close($connect); return false; }
function ldapauth_authenticate($username, $password) { $ldap_server = get_config('ldapauth', 'ldap_server'); $ldap_binddn = get_config('ldapauth', 'ldap_binddn'); $ldap_bindpw = get_config('ldapauth', 'ldap_bindpw'); $ldap_searchdn = get_config('ldapauth', 'ldap_searchdn'); $ldap_userattr = get_config('ldapauth', 'ldap_userattr'); $ldap_group = get_config('ldapauth', 'ldap_group'); if (!(strlen($password) && function_exists('ldap_connect') && strlen($ldap_server))) { return false; } $connect = @ldap_connect($ldap_server); if (!$connect) { return false; } @ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); if (@ldap_bind($connect, $ldap_binddn, $ldap_bindpw) === false) { return false; } $res = @ldap_search($connect, $ldap_searchdn, $ldap_userattr . '=' . $username); if (!$res) { return false; } $id = @ldap_first_entry($connect, $res); if (!$id) { return false; } $dn = @ldap_get_dn($connect, $id); if (!@ldap_bind($connect, $dn, $password)) { return false; } if (!strlen($ldap_group)) { return true; } $r = @ldap_compare($connect, $ldap_group, 'member', $dn); if ($r === -1) { $err = @ldap_error($connect); $eno = @ldap_errno($connect); @ldap_close($connect); if ($eno === 32) { logger("ldapauth: access control group Does Not Exist"); return false; } elseif ($eno === 16) { logger('ldapauth: membership attribute does not exist in access control group'); return false; } else { logger('ldapauth: error: ' . $err); return false; } } elseif ($r === false) { @ldap_close($connect); return false; } return true; }
/** * @return Entry|null * @throws EntryRetrievalFailureException */ public function firstEntry() { if (!($entry = ldap_first_entry($this->link, $this->result))) { if (0 !== ($errNo = ldap_errno($this->link))) { throw new EntryRetrievalFailureException(ldap_error($this->link), $errNo); } return null; } return new Entry($this->link, $entry); }
public function fetch($entryResource = NULL) { if (!$this->resource) { return FALSE; } if ($entryResource === NULL) { $entryResource = ldap_first_entry($this->connection->resource, $this->resource); } return new LdapRecord($this, $entryResource); }
/** * Gets first entry * * @return peer.ldap.LDAPEntry or FALSE if none exists by this offset * @throws peer.ldap.LDAPException in case of a read error */ public function getFirstEntry() { $this->entry = array(ldap_first_entry($this->_hdl, $this->_res)); if (FALSE === $this->entry[0]) { if (!($e = ldap_errno($this->_hdl))) { return FALSE; } throw new LDAPException('Could not fetch first result entry.', $e); } $this->entry[1] = 1; return LDAPEntry::fromResource($this->_hdl, $this->entry[0]); }
function getObjectSid($adConn, $dn, $distname) { //Select which attributes wa want $attrs = array("objectsid"); //Filter creation $filter = "distinguishedname=" . addslashes($distname); //Do the seacrh! $search = ldap_search($adConn, $dn, $filter, $attrs) or die("**** happens, no connection!"); $entry = ldap_first_entry($adConn, $search); $vals = ldap_get_values_len($adConn, $entry, "objectsid"); return bin2hex($vals[0]); }
public function studentid2uid($pStudentId) { if (empty($pStudentId)) { throw new Exception("No parameter given", E_PARAM); } $dn = LDAP_OU . ", " . LDAP_O . ", " . LDAP_C; $filter = "(&(objectclass=" . LDAP_OBJECTCLASS_STUDENT . ")(" . LDAP_ATTRIBUTE_STUDID . "=" . $pStudentId . "))"; $search = ldap_search($this->ldap_conn, $dn, $filter, array("uid")); $entry = ldap_first_entry($this->ldap_conn, $search); $result = @ldap_get_values($this->ldap_conn, $entry, "uid"); ldap_free_result($search); return $result[0]; }
/** * Realiza la autentificacion utilizando un servidor LDAP * @return $value Retorna TRUE o FALSE de acuerdo al estado de la autentifiacion */ function autenticar($id_usuario, $clave, $datos_iniciales = null) { if (!extension_loaded('ldap')) { throw new toba_error("[Autenticación LDAP] no se encuentra habilitada la extensión LDAP"); } $conexion = @ldap_connect($this->server); ldap_set_option($conexion, LDAP_OPT_PROTOCOL_VERSION, 3); if (!$conexion) { toba::logger()->error('[Autenticación LDAP] No es posible conectarse con el servidor: ' . ldap_error($conexion)); return false; } //$bind = @ldap_bind($conexion); $bind = @ldap_bind($conexion, $this->bind_dn, $this->bind_pass); if (!$bind) { toba::logger()->error('[Autenticación LDAP] No es posible conectarse con el servidor: ' . ldap_error($conexion)); return false; } $res_id = @ldap_search($conexion, $this->dn, sprintf($this->filter, $id_usuario)); if (!$res_id) { toba::logger()->error('[Autenticación LDAP] Fallo búsqueda en el árbol: ' . ldap_error($conexion)); return false; } $cantidad = ldap_count_entries($conexion, $res_id); if ($cantidad == 0) { toba::logger()->error("[Autenticación LDAP] El usuario {$id_usuario} no tiene una entrada en el árbol"); return false; } if ($cantidad > 1) { toba::logger()->error("[Autenticación LDAP] El usuario {$id_usuario} tiene más de una entrada en el árbol"); return false; } $entrada_id = ldap_first_entry($conexion, $res_id); if ($entrada_id == false) { toba::logger()->error("[Autenticación LDAP] No puede obtenerse el resultado de la búsqueda" . ldap_error($conexion)); return false; } $usuario_dn = ldap_get_dn($conexion, $entrada_id); if ($usuario_dn == false) { toba::logger()->error("[Autenticación LDAP] No pude obtenerse el DN del usuario: " . ldap_error($conexion)); return false; } $link_id = @ldap_bind($conexion, $usuario_dn, $clave); if ($link_id == false) { toba::logger()->error("[Autenticación LDAP] Usuario/Contraseña incorrecta: " . ldap_error($conexion)); return false; } ldap_close($conexion); $usuario = $this->recuperar_usuario_toba($id_usuario); toba::logger()->debug("[Autenticación LDAP] OK"); return true; }
/** * Auxiliar directo de busqueda. Dado un ldap result, itera por el para conseguir sus datos * * @param ldap result $busquedaLdap * @param array $atributos * @return boolean */ private function iterarEntradas($busquedaLdap, array $atributos) { $datos = array(); if ($entrada = ldap_first_entry($this->conexionLdap, $busquedaLdap)) { do { // Ejecutamos al menos una vez el mapeo de entradas con sus atributos, a menos // que no haya nada $datos[] = $this->mapa($atributos, $entrada); } while ($entrada = ldap_next_entry($this->conexionLdap, $entrada)); return $datos; } else { return FALSE; } }
/** * @brief reads a given attribute for an LDAP record identified by a DN * @param $dn the record in question * @param $attr the attribute that shall be retrieved * if empty, just check the record's existence * @returns an array of values on success or an empty * array if $attr is empty, false otherwise * * Reads an attribute from an LDAP entry or check if entry exists */ public function readAttribute($dn, $attr, $filter = 'objectClass=*') { if (!$this->checkConnection()) { \OCP\Util::writeLog('user_ldap', 'No LDAP Connector assigned, access impossible for readAttribute.', \OCP\Util::WARN); return false; } $cr = $this->connection->getConnectionResource(); if (!is_resource($cr)) { //LDAP not available \OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG); return false; } $dn = $this->DNasBaseParameter($dn); $rr = @ldap_read($cr, $dn, $filter, array($attr)); if (!is_resource($rr)) { if (!empty($attr)) { //do not throw this message on userExists check, irritates \OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN ' . $dn, \OCP\Util::DEBUG); } //in case an error occurs , e.g. object does not exist return false; } if (empty($attr)) { \OCP\Util::writeLog('user_ldap', 'readAttribute: ' . $dn . ' found', \OCP\Util::DEBUG); return array(); } $er = ldap_first_entry($cr, $rr); if (!is_resource($er)) { //did not match the filter, return false return false; } //LDAP attributes are not case sensitive $result = \OCP\Util::mb_array_change_key_case(ldap_get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8'); $attr = mb_strtolower($attr, 'UTF-8'); if (isset($result[$attr]) && $result[$attr]['count'] > 0) { $values = array(); for ($i = 0; $i < $result[$attr]['count']; $i++) { if ($this->resemblesDN($attr)) { $values[] = $this->sanitizeDN($result[$attr][$i]); } elseif (strtolower($attr) == 'objectguid' || strtolower($attr) == 'guid') { $values[] = $this->convertObjectGUID2Str($result[$attr][$i]); } else { $values[] = $result[$attr][$i]; } } return $values; } \OCP\Util::writeLog('user_ldap', 'Requested attribute ' . $attr . ' not found for ' . $dn, \OCP\Util::DEBUG); return false; }
/** * Gets first entry * * @return peer.ldap.LDAPEntry or NULL if nothing was found * @throws peer.ldap.LDAPException in case of a read error */ public function first() { $entry = ldap_first_entry($this->conn, $this->result); if (!$entry) { if ($e = ldap_errno($this->conn)) { throw new LDAPException('Could not fetch first result entry.', $e); } return null; // Nothing found } else { $this->iteration = [$entry, 1]; return LDAPEntry::create(ldap_get_dn($this->conn, $entry), ldap_get_attributes($this->conn, $entry)); } }
/** * read binary attribute from one entry from the ldap directory * * @todo still needed??? * * @param string $_dn the dn to read * @param string $_filter search filter * @param array $_attribute which field to return * @return blob binary data of given field * @throws Exception with ldap error */ public function fetchBinaryAttribute($_dn, $_filter, $_attribute) { $searchResult = @ldap_search($this->getResource(), $_dn, $_filter, $_attributes, $this->_attrsOnly, $this->_sizeLimit, $this->_timeLimit); if ($searchResult === FALSE) { throw new Exception(ldap_error($this->getResource())); } $searchCount = ldap_count_entries($this->getResource(), $searchResult); if ($searchCount === 0) { throw new Exception('Nothing found for filter: ' . $_filter); } elseif ($searchCount > 1) { throw new Exception('More than one entry found for filter: ' . $_filter); } $entry = ldap_first_entry($this->getResource(), $searchResult); return ldap_get_values_len($this->getResource(), $entry, $attribute); }
protected function search($ldap, $user) { $srch = ldap_search($ldap, 'DC=' . implode(',DC=', explode('.', $this->domain)), '(&(objectclass=person)(|(userprincipalname=' . $user . ')(distinguishedname=' . $user . '))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'); $data = ldap_first_entry($ldap, $srch); if (!$data) { return null; } $temp = []; foreach (ldap_get_attributes($ldap, $data) as $k => $v) { if ($v && isset($v['count']) && $v['count'] === 1) { $temp[$k] = $v[0]; } } return $temp; }
/** * LDAPEngine constructor to initialize object * @param string $uid user id * @param string $password password associated with uid */ function LDAPEngine($uid, $password) { global $conf; $this->connected = false; if (strlen($uid) == 0 || strlen($password) == 0) { return; } $this->host = $conf['ldap']['host']; $this->port = $conf['ldap']['port']; $this->basedn = $conf['ldap']['basedn']; $this->AD_lookupid = $conf['ldap']['lookupid']; $this->AD_lookuppwd = $conf['ldap']['lookuppwd']; $this->ldap = ldap_connect($this->host, $this->port) or die("Could not connect to LDAP server."); $this->uid = $uid; if ($this->ldap) { $bind = $this->AD_lookupid ? @ldap_bind($this->ldap, $this->AD_lookupid, $this->AD_lookuppwd) : @ldap_bind($this->ldap); if ($bind) { // System authentication was a success, lookup user's dn via uid= filter $result = ldap_search($this->ldap, $this->basedn, "uid" . "=" . $this->uid); if (ldap_count_entries($this->ldap, $result) <= 0) { print "<p>LDAPEngine: Search in LDAP failed. uid={$this->uid}<p>"; ldap_close($this->ldap); return; } else { $this->binddn = ldap_get_dn($this->ldap, ldap_first_entry($this->ldap, $result)); //print "<p>LDAPEngine: User binding as dn=".$this->binddn."<p>"; $bind2 = @ldap_bind($this->ldap, $this->binddn, $password); if ($bind2) { //print "<p>LDAPEngine: bind using user credentials successful.</p>"; } else { //print "<p>LDAPEngine: bind using user credentials failed.</p>"; ldap_close($this->ldap); return; } } // ------------------------------------ if ($this->loadUserData()) { $this->connected = true; $this->password = $password; } else { ldap_close($this->ldap); } } else { die("LDAPEngine: Attempt to bind to:" . $this->host . " using systemid:" . $this->lookupid . " failed."); ldap_close($this->ldap); } } }